Recent AML/CTF Updates: A KYC Game Changer

Fundamental changes to how reporting entities collect ‘Know Your Customer’ (KYC) information

On 15 September 2016, amendments came into effect which revise the underlying methods available to reporting entities required to collect Know Your Customer (KYC) information under the Anti-Money Laundering/Counter Terrorism Financing Rules (AML/CTF) made by the Anti-Money Laundering/Counter-Terrorism Financing Rules Amendment Instrument 2016 (No 1) (AML/CTF Rules).

KYC, including Customer Due Diligence (CDD), forms an integral part of an effective AML/CTF system. It enables a reporting entity to identify and verify each of their customers so they can:

  • Be reasonably satisfied that the customer is who they claim to be;
  • Determine the money laundering and terrorism financing risk posed by each customer;
  • Decide whether to proceed with a business relationship or transaction; and
  • Assess the level of future monitoring required.

Under the previous iteration of the AML/CTF Rules, reporting entities were required to collect KYC information ‘from’ the customer. The most recent amendments have updated this to enable information to be collected ‘about’ a customer.

This minor change to the wording of Chapter 4 of the AML/CTF Rules can have a significant impact on a reporting entities on-boarding process:

  • Previously, all KYC information would have been obtained directly from a customer before an entity was able to begin verify it.
  • Now, documents, such as driving licenses and passports, can be used to both collect and verify the information needed to satisfy KYC requirements.

These changes reduce the entities reliance on the customer as a source of information, and need to be considered in conjunction with their obligations under subclause 3.6 of the Australian Privacy Principles. These Principles require personal information about an individual to be collected only from the individual, unless it is unreasonable or impractical to do so, and where it is reasonably necessary for the reporting entity’s functions or activities.

The ability to collate KYC/CDD information from third parties is also permitted under the Global Financial Action Task Force (FATF) AML/CTF recommendations which specify that customer due diligence measures taken include “identifying the customer and verifying that customer’s identity using reliable, independent source documents, data or information.”

Electronic-based safe harbour procedure

Electronic verification processes and systems have become more commonplace as effectiveness and cost efficiencies continue to increase.

The AML/CTF Rules set out the procedure for electronic verification which a reporting entity can follow where the relationship with the customer is considered of medium or lower risk. Previously, the following was required to be verified:

  • Customer’s name and residential address from at least two separate reliable and independent data sources; and
  • Either:
    • Customers date of birth from at least one independent data source; or
    • That the customer has a transaction history for at least three years.

Amendments to the AML/CTF Rules acknowledge the practical limitations of the data sources available to reporting entities with the requirements updated so that the electronic-based safe harbour procedure includes the collection and verification of the following:

  • Customer’s name
  • Either:
    • Residential address; or
    • Date of birth; or
    • That the customer has a transaction history for at least three years. 

Verification of name, residential address or date of birth, must be undertaken by the reporting entity through the use of reliable and independent electronic data from at least two separate data sources. Verification of transaction history requires only one data source.

Other Changes

In addition to the detailed above, the following changes also came into effect on 15 September 2016:

  • Chapter 38 - Division 4 of Part 2 of the AML/CTF Act does not apply to a designated service where, in addition to the pre-existing conditions, the value of the security does not exceed $10,000 (previously $500); and
  • Chapter 56 – The Australian Crime Commission, meaning the agency which, in addition to its other functions, provides systems and services relating to national policing information, including the provision of nationally coordinated criminal history checks, replaces all references to CrimTrac.


The most recent amendments to the AML/CTF Rules enable reporting entities significantly more flexibility in relation to the processes and controls undertaken to comply with their KYC/CDD requirements.

Reviewing, and potentially updating, their AML/CTF systems would allow opportunities to be assessed and realised which would increase productivity, and decrease the time and costs in relation to customer identification and verification and the integration of electronic solutions.  

Refer here  for a complete version of the updated AML/CTF Rules.